July 19, 2021

A recently discovered iPhone Wi-Fi bug that could crash the WiFi connectivity could be exploited by attackers to achieve remote code execution. In June, the researcher Carl Schou discovered a new bug in iPhone that can permanently break users’ WiFi by disabling it, the issue could be triggered by simply connecting to a rogue hotspot.  Once an […]

The post WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE appeared first on Security Affairs.

Read More WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE

Telus last week announced the launch of its new managed cloud security service built on global cybersecurity firm Palo Alto Networks’ Prisma Access technology to help Canadian organizations securely access data and applications from anywhere. 

The post Telus and Palo Alto Networks launch new managed cloud security service for Canadian businesses first appeared on IT World Canada.

Read More Telus and Palo Alto Networks launch new managed cloud security service for Canadian businesses

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective. 

Read More Don’t Wanna Pay Ransom Gangs? Test Your Backups.

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S. Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan) for hacking tens of government organizations, private businesses and universities around the world between 2011 and 2018. […]

The post US DoJ indicts four members of China-linked APT40 cyberespionage group appeared first on Security Affairs.

Read More US DoJ indicts four members of China-linked APT40 cyberespionage group

Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech. Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed by industrial and IoT firm Advantech. The application allows network administrators to monitor Advantech routers in their infrastructure. The monitoring tool collects […]

The post Experts disclose critical flaws in Advantech router monitoring tool appeared first on Security Affairs.

Read More Experts disclose critical flaws in Advantech router monitoring tool

On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. The order, which outlines security initiatives and timelines, calls for the U.S. Department of Commerce’s National Institute of Standards and Technolog…

Read More Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code

Canada, other members of the Five Eyes intelligence co-operative, and members of NATO today accused China of malicious cyber activity, including responsibility for the Microsoft Exchange Server compromise discovered earlier this year. “Today, Canada joins its allies in identifying People’s Republic of China’s (PRC) state-backed actors for the unprecedented and indiscriminate exploitation of Microsoft Exchange Servers,” […]

The post Canada, allies accuse China of widespread malicious cyber activity first appeared on IT World Canada.

Read More Canada, allies accuse China of widespread malicious cyber activity

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru.

From the report:

Summary:

  • Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts.
  • Using Internet scanning we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.
Read More Candiru: Another Cyberweapons Arms Manufacturer

A hacker claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant, Saudi Aramco. Threat actors that goes online with the moniker ZeroX  claim to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant end it is offering for sale […]

The post Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco appeared first on Security Affairs.

Read More Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco

Today’s podcast reports on a new ransomware advice site, another Windows print spooler problem, more companies caught with unsecured cloud data storage and more applications to patch

The post Cyber Security Today, July 19, 2021 – A new ransomware advice site, another Windows print spooler problem and more companies caught with unsecured cloud data storage first appeared on IT World Canada.

Read More Cyber Security Today, July 19, 2021 – A new ransomware advice site, another Windows print spooler problem and more companies caught with unsecured cloud data storage

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware. Pegasus is a surveillance malware developed by […]

The post Pegasus Project – how governments use Pegasus spyware against journalists appeared first on Security Affairs.

Read More Pegasus Project – how governments use Pegasus spyware against journalists

WhatsApp is testing out a new cross-device feature; Clippy to return as an emoji in Microsoft 365 products, and Amazon’s Prime Day has been officially cancelled in Canada. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Monday, July 19, and I’m your host, Tom Li. WhatsApp’s popularity needs no […]

The post Hashtag Trending July 19 – WhatsApp on multiple devices; Clippy returns as an emoji; No Prime Day in 2021 first appeared on IT World Canada.

Read More Hashtag Trending July 19 – WhatsApp on multiple devices; Clippy returns as an emoji; No Prime Day in 2021

Security researchers demonstrated how to bypass the Windows Hello facial recognition that is used in Windows 10 as a login mechanism. Security researchers at CyberArk Labs discovered a security bypass vulnerability, tracked as CVE-2021-34466, affecting the Windows Hello facial authentication process, An attacker could exploit the vulnerability to login systems running the Windows 10 OS. […]

The post Experts show how to bypass Windows Hello feature to login on Windows 10 PCs appeared first on Security Affairs.

Read More Experts show how to bypass Windows Hello feature to login on Windows 10 PCs